Text To Video Free App
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: text-to-video-free-app Version: 1.0.0 The skill is a legitimate integration for a text-to-video service hosted at mega-api-prod.nemovideo.ai. It provides detailed instructions for the AI agent to manage sessions, upload content, and poll for video rendering status. The use of environment variables (NEMO_TOKEN) and external API calls is consistent with the stated purpose of cloud-based video generation, and no indicators of data exfiltration, malicious execution, or harmful prompt injection were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Text prompts and uploaded documents/media may leave the local environment and be processed by NemoVideo's cloud service.
The skill sends user prompts and selected files to an external cloud API for processing; this is expected for the stated purpose, but the visible artifact does not describe data retention or privacy boundaries.
**Send message (SSE)**: POST `/run_sse` ... `{"text":"<msg>"}` ... **Upload**: POST `/api/upload-video/nemo_agent/me/<sid>` — file: multipart `-F "files=@/path"`Do not submit confidential or regulated content unless you trust the provider and have verified its privacy and retention terms.
Anyone with the token could potentially use the associated NemoVideo API access until it expires or is revoked.
The skill uses a bearer token for the external API. This is disclosed and purpose-aligned, but users should understand that the token grants access to their video-generation session or credits.
Include `Authorization: Bearer <NEMO_TOKEN>` ... **Free token**: ... response field `data.token` becomes your NEMO_TOKEN (100 credits, 7-day expiry).
Keep NEMO_TOKEN private, avoid printing it in chats or logs, and rotate/remove it if you no longer want the skill to use the service.
The agent may create a session and perform video workflow actions through the external API as part of normal use.
The skill allows automatic API setup and maps backend GUI-style instructions into API actions. This is coherent with adapting the cloud video service to a chat workflow, but it means some service-driven steps may execute without detailed step-by-step confirmation.
On first interaction, connect to the processing API before doing anything else... Map its instructions to API calls: ... "Export" or "导出" → run the export workflow
Ask the agent to confirm before uploading sensitive files or exporting if you want tighter control over each action.